I recently set out to learn the security implications of generative AI. While harassing the ChatGPT bot through the OpenAI interface it occurred to me to integrate its features into my existing text-based MUSH game. So today I bring you instructions for powering an in-game NPC with the OpenAI API.
In Part One we discovered an object that lets us execute arbitrary commands via unsafe handling of user input - the Alley room. Now we want to understand the blast radius of this issue. The first question to ask is, "What does the Alley control?"
Alley(#9485RISVB) Type: Room Flags: TRUST STICKY VISUAL BATHROOM Owner: 8BitMUSH Zone: NOTHING Coins: 0 Created: Sat Apr 28 13:14:31 2001
The help entry for
help control tells us that if the Alley has the
TRUST flag, it controls anything with the same owner that isn't set
WIZARD. As it turns out, the
8BitMUSH user owns a great deal of things throughout 8Bit.
I created a MUSH called Parlor City in the beginning of 2019. This is an online, multi-player, text-based social game that uses a rudimentary code base for world-building.
Parlor City was opened after about 18 months of work, at which time I sought out another MUSH where I could gain some experience and a change of scenery. MUSH trackers suggest that there are roughly eight-hundred different MUSH-style games available, each with unique themes and styles.
I asked users of PennMUSH (an invaluable coding forum) if any particular crew was known to be hostile or disreputable. The answer came back: "The folks at 8Bit have been known to break MUSHes for fun." So that's what I wanted to join.
I have slowly been working on a MUSH, which is an online, multi-player, text-based social game. The game Zork (1977) is probably the most popular game in this style, although it is not multi-player. I decided to use PennMUSH as the server distro since it seems to have the widest support.
MUSH servers open a raw TCP socket for incoming connections and most sessions occur over plaintext. There are a handful of MUSH clients that players can use but a simple TELNET connection also works. MUSH servers understand enough of the TELNET protocol to refuse option negotiation.
Rather than expose the MUSH server to the open internet, I decided to create restricted shell accounts for users and have them connect to the MUSH via
localhost instead. This drastically reduces the accessibility of the MUSH and would likely deter prospective players but it works for our current user base.
Despite the huge number of active MUDs on the internet, forcing users through SSH still seems safer than exposing the MUSH service. I'm using AWS security groups on the MUSH host to prevent external access to that port.
Note: After some testing, I have walked this back and decided to just open it to the internet after the initial release. Shell accounts will still be an option. See this page for some details.